Topic: Antiviruses - page 6. (Read 1177 times)

My reply came before your assertions:


what this means is that malware can do what it likes, because the VM it infects is simply a copy of a template VM that is thrown away every time you shut it down. there's also a system that destroys the user file system on shutdown also.

I've literally spent the last 5-6 years opening 30-100 "Disposable VM's" every time I sit down to use my PC. The hypervisor that shepherds the VMs is very small, and so even though I couldn't and wouldn't scrutinize the code, I can and do compile it, and there are people who can read and understand that codebase because of it's relatively small size.


please don't reply to posts if you're not even going to read them, thank you

I've seen @Carlton Banks' posts, in his opinion antivirus is not necessary, since he will use a Linux. And that's good enough... for the distro he is using.

In the past he didn't understand why I'd use Windows and, I guess, why anybody would use Windows. So his advises will not be good for Windows.
Yes, for Windows a security software - Antivirus, Anti-Malware, Sandbox the unknown, Warn for phishing sites and so on - is a good (necessary) addition. If not outdated and used well, it's a great addition to security. It's clearly not wasted space.

Of course, if you install a hack in the system because you don't want to buy a key, and you also add that hack as exception into antivirus (and it's just one of many examples), of course that you are sitting on a ticking bomb.
Of course that the security software is not perfect and will have false positives too. Use sandbox for those if you really want to run them. Add exception if you are indeed 100% sure it will never be malicious.

And of course that they may send info "home", you'll have to live with that. Actually Windows also sends info "home" and if you have Windows, you already live with that.
I've read that some Linux distributions (Mint?) also do that. So .. what's the difference? One has to know all the news the sysadmins are reading (and configure accordingly) and then he'll have the safest system. The rest of the mortals will have to protect themselves with more "common" means.

And if one wants his bitcoins safe, he keeps them offline. All other options are - in a way or another - ticking bombs.

Well, you have obviously not been the victim of the latest Ransomware viruses that use Bitcoin as a payment option. Our company was targeted for this and all the computers with outdated AV Software got infected and files got encrypted. The other computers with the latest updates are still running without any problem.

A lot of viruses are doing things on your computer, without you even knowing it and it is only when you install a good AV software, that you realize what viruses are running in the background and once you look at the payload description for that viruses, a lot of the weird things that are happening on your computers becomes clear.

We had a bot network running on 100s of computers with outdated AV software and when we manually updated it, the bots was removed  and the users reported back that the computers was much faster than before.  

I have to say that the guys I know whose computers were hit hard by viruses ten years ago (as in like it wipes out hard disk or it corrupts system files etc) they actually did need antivirus because they didn't know how to not open bad attachments or download stuff from internet etc.

But Bitcoin threats and Bitcoin viruses, I don't think AV really helps you because there are no Bitcoin viruses are they?

But it's better than nothing right? Most of the time, AV really helps you avoid old and new viruses from time to time. If you are not a techy guy that doesn't know much about phishing, malware, and alike, at the very least anti-virus would help you secure your computer. I'm not saying AV protects you completely, it's just that it helps. The level of security still depends on the user.

the problem is that sometimes you can't switch to Linux. for example many day to day things many users do can only be done on Windows because that specific application is only released for Windows. eventually you get used to using the same OS so for anything not-security-critical you stick to Windows which means you have to have an antivirus installed to protect you against "majority" of unwanted things.

so in case of what was quoted, you can't really tell him to uninstall his AV because it may not give him 100% protection because you really are telling him to give up the 90% protection he has just because it is not 100%!
of course the only argument you could make is to move to a secure OS and offline when you deal with things that require security like your cold storage, but for running a node Windows is fine. you just have to learn how to use the AV properly specially the FireWall.

Some parts of operating systems are exploitable like windows with the WannaCry virus which was a vulnerability exploit that was normally previously used for industrial network installations (so the modem can pass applications to other computers for them to be installed). It's hard to securely run windows unless you ensure that everyone on the same internet know what they're doing and how not to get a virus on their machine (even if that vulnerability was patched, we all know how often Windows updates can fail if you've ever run Windows - and some just never install).


Programmers might make some code too that can look correct but can compile to produce vulnerabilities. There must've been bugs in the past caused by old compilers that opened up vulnerabilities, in order to trust your piece of code is going to run correctly you might also wnat to check the compiler is fully up to date and not malicious (it's likely lots of people will check compilers for thier integrity especially as a lot of people are interested in how they function and how they can make them more efficient).

---

If you have a lot of crypto to keep safe, it might be worth investing in a separate computer entirely, as mentioned VM's can have backdoors in them and nothing can beat the security of an airgapped wallet (potentially with a hardware wallet added in too on the airgapped machine).

Popular open-source software has been checked by multiple people already.
And new malicious commits / changes to it would attract the attention of quite a lot people.

Using popular and wide-spread open-source software is definitely safer than using a less popular one or even closed-source software.




Same as above. Popular open-source software has been checked by quite a lot people already.
Cuckoo would be one of these open-source sandbox tools.




Detecting a sandbox is pretty easy, even nowadays.

Escaping them requires a vulnerability in such software. There was a vulnerability which allowed to escape the sandbox of oracle's virtual machine which has been fixed roughly 6 months ago (more or less).
Definitely a possibility nowadays.

Something like that could in theory happen with any software that isn't open sourced and who's code has not been checked thoroughly.
What if the Sandbox software you are using is run by a malicious person? Have you personally looked at every line of code?
7-8 years ago there were password stealers who could bypass Sandboxie and had Anti-Sandbox options, I don't even know what is possible with the technological advancements today. 

that's the old security model though

new security model (since ~ 2012):

• Virtual machines for sandboxing apps
• Dedicated CPU instructions sandbox hardware devices
• Non-persistant filesystem stops malware from sticking after a reboot

if you're thinking "that sounds too hard to use/setup", then maybe you should be asking "how much do I want to keep my BTC safe?"

if you believe the 1990's model (anti-virus) is good enough, I hope you won't be upset if you get hacked. By someone who works for Avast or Kaspersky.

If you use your computer for normal things you don't even need anti virus software, especially if it's not a Windows OS.
If you are a person who downloads a lot, likes to visit underground forums, receives and opens files via email, Telegram, Skype or whatever chances are you will get some sort of virus sooner or later. Being cautious and having common sense reduces the risk of infections. Don't poke the bear!

Unfortunately many people lack both common sense or the logic of what they should and should not do. That is where AV companies come into play to try and protect or guide people away from the dangers.

Even I don't believe that these AVs can actually prevent our PCs from being maliciously infected because every time a virus is found, added and updated to their directory, someone somewhere becomes a victim for sure and that's what makes me feel that malign viruses are ahead of these AVs while comparing the amount of time they take to attack on a PC versus the time taken to understand, find and update that virus and remove it. Some viruses don't even get removed from these AVs so I can't decide which ones to trust to believe that my PC is secure enough to store my crypto in it. These AVs quarantine (and sometimes even delete, just as in the case of OP) some important files if given the allowance to do so without our permission.  

Well, they are.
Most malware simply is coded for windows. And the majority of mac user are not techy at all. Most of them can't even update their browser themselves.

Those people are way easier to be tricked into downloading/installing malware.

And an AV would at least protect against already known threats or obvious malware actions.




It doesn't make it secure. But it at least adds some security to it.
The companies earn from the premium subscription and from the information your computer is sending them back whenever something strange happens (i.e. new file making new weird actions, etc.).

my experience was the opposite, anti-virus didn't save me from a single thing, and inconvenienced me from doing what I wanted to at least a handful of times


and really, it's another way of saying "Windows and Mac are insecure by default"

and some company makes your Win/Mac computer secure, for free? because some tiny percentage pay for the "full" application?

I'm amazed that anyone ever believed this (including myself, I believed it up until the early 2010's)

Well, not really, no.

But malware can be part of a phishing campaign, which itself is geared towards gaining sensitive information of the victim (e.g. private keys).
Multiple user already have downloaded malware from a fake electrum site and tried to install it. Luckily their AV prevented that.


I'd still always recommend people who are using windows or mac to always use an AV. It usually brings more value than it creates inconveniences.

It is not a virus but still AntiVirus software warn users of flagged phishing sites.
Same thing goes for MetaMask. If you visit a malicious site MetaMask will warn you of potential phishing attempts.

It is another thing if you are experienced enough not to visit dangerous sites or use potentially dangerous services, unfortunately many people aren't.

There has been no talk about avatas here. Do you mean Avast?
Probably because it is a free and easy to use AV solution.

There's been so much talk about avatas... Why do you use it?
?

is phishing a virus?


it's not, is it?

This could apply if you are using Operating systems that are rarely targeted like Linux. I have used linux for a few years now and i haven't had to worry a lot about viruses and so i have no antivirus installed at all (Am not saying it's completely secure but the incidents are so rare unlike windows)

For windows, it's a different case. Malware is there on every corner of the web just wait for you to slip up and click on it  
The very first day i installed Avast a few days after i had installed Windows OS and a few applications that i needed to use. It immediately detected that there was malware in my PC.

I stopped using windows for all my crypto-related transactions since then.

---

Back to OP, i think best thing to do is just go through the whole process of syncing. I know it sucks, takes a lot of time and bandwidth but it's better to be safe.

They normally get rid of tracker cookies and other stuff that can be silently downloaded by Web browsers flaws...

They also tell you the exposure of most applications and how likely it'll be to get a virus from one: not that it's popped up for me for about half a year on the windows machine. A lot of things I use are only made for windows (which is a shame because they'd run much faster on Linux - even Ubuntu is faster and less power intensive than Windows).